GetParametersForImport
Gets the parameters needed to import key material into a KMS key.
Description
The GetParametersForImport operation returns the parameters you need to import key material into a KMS key. This operation is part of the process of importing key material into QKMS.
note
- This operation returns a public key and an import token. Use the public key to encrypt the key material that you want to import. Store the import token to send with a subsequent
ImportKeyMaterialrequest. - The public key and import token from the same response must be used together. They can be used only with the KMS key specified in the request.
- The public key and import token are valid only for the time specified in the response.
- For more information about importing key material, see Importing Key Material.
Request Syntax
Headers
| Name | Description | Required | Type |
|---|---|---|---|
| Content-Type | Must be "application/x-amz-json-1.1" | Yes | string |
| X-Amz-Target | Must be "TrentService.GetParametersForImport" | Yes | string |
Request Body
| Name | Description | Required | Type |
|---|---|---|---|
| KeyId | The identifier of the KMS key that will be associated with the imported key material. This must identify a symmetric encryption KMS key with no key material. | Yes | string |
| WrappingAlgorithm | The algorithm you will use to encrypt the key material before importing it. Valid Values: RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256. | Yes | string |
| WrappingKeySpec | The type of wrapping key (public key) to return in the response. Currently, the only valid value is RSA_2048. | Yes | string |
POST / HTTP/1.1
Content-Type: application/x-amz-json-1.1
X-Amz-Target: TrentService.GetParametersForImport
{
"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
"WrappingAlgorithm": "RSAES_OAEP_SHA_1",
"WrappingKeySpec": "RSA_2048"
}
Values in italics indicate user input and should be replaced with actual values.
Response Elements
| Name | Description | Required | Type |
|---|---|---|---|
| ImportToken | The import token to send in a subsequent ImportKeyMaterial request. | No | String |
| KeyId | The Amazon Resource Name (ARN) of the KMS key to use in a subsequent ImportKeyMaterial request. | No | String |
| ParametersValidTo | The time at which the import token and public key are no longer valid. After this time, you cannot use them to make an ImportKeyMaterial request and you must send another GetParametersForImport request. | No | String |
| PublicKey | The public key to use to encrypt the key material before importing it. | No | String |
Special Errors
| Error Code | Description |
|---|---|
| DependencyTimeoutException | The system timed out while trying to fulfill the request. |
| InvalidArnException | The request was rejected because a specified ARN was not valid. |
| KMSInternalException | An internal error occurred. |
| KMSInvalidStateException | The request was rejected because the key state is not valid for this operation. |
| NotFoundException | The request was rejected because the specified entity or resource could not be found. |
| UnsupportedOperationException | The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation. |
Permissions
To use the GetParametersForImport operation, you must have the following permissions:
kms:GetParametersForImporton the KMS key (specified in the policy)
Try It Out
Test GetParametersForImport
Get parameters for importing key material into a KMS key.
Coming Soon
This feature is currently under development and will be available soon.